In this presentation, the author discusses CyGrap, a methodology and tool for improving network security posture, maintaining situational awareness in the face of cyberattacks, and focusing on protection of mission-critical assets.

In this presentation, the authors review the various techniques attackers use to spread through a network, which data sets you can use to reliably find them, and how data science techniques can be used to help automate the detection of lateral movement.

Have software’s repeated successes, and the assumption that they will continue endlessly, discounted perceptions of its importance among leadership in civilian government, national defense, and national security organizations?

In this presentation, the author examines the key impediments to effective information sharing and explore how network activity and threat correlation can alter cyber economics to diminish threat actor return on investment.

This webinar focused on the development and application of combined data analytics and offered several examples of analytics that combine domain resolution data, network device inventory and configuration data, and intrusion detection.

Reverse engineering is a challenging and time consuming process that traditionally requires skilled and experienced analysts. The Pharos framework includes a number of utilities and tools to automate common reverse engineering tasks.

During this webinar, Dr. Shannon examined the questions, science, and technology that builds trust with customers, other organizations, and society to ensure their security and privacy, and our own resilience and accountability.

At the SEI, we are developing tools, techniques, and tutorials to help developers make autonomous systems that are dependable and predictable while preserving core system features and functionality that extend and complement human operators.

Presentation on research to build algorithms that allow robots to explain their behaviors to users and adapt their behavior during execution to enable users to accurately predict what they will do next

Poster on research into determining the extent to which it is possible to technically detect indicators of employees who may be on a path to harm themselves and/or others within the workplace via insider threat detection tools

Poster on research to develop tools that integrate data from multiple, commonly available sources to pinpoint problematic design decisions and quantify their consequences in a repeatable and reliable way

In this podcast, CERT vulnerability analyst Dan Klinedinst discusses research aimed at helping the Department of Homeland Security United States Computer Emergency Readiness Team (US-CERT) understand future technologies and their risks.

In this podcast, CERT researcher Vijay Sarvepalli explores Domain Name System or DNS Blocking, the idea of disrupting communications from malicious code such as ransomware that is used to lock up your digital assets.

This webinar will focus on the development and application of combined data analytics and will offer several examples of analytics that combine domain resolution data, network device inventory and configuration data.

With an ever increasing number of crimes with a cyber component, the need for investigators who have been trained the ways of the Internet, encryption, and social media, to name a few, is growing and will continue to grow.

Describes the Cybersecurity Program Progress Metric and how its implementation in a large, diverse U.S. national organization can serve to indicate progress toward improving cybersecurity and resilience capabilities.

In this podcast, Carol Woody and Christopher Alberts introduce the prototype Software Assurance Framework, a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain.

In this discussion-focused webinar, Bob Binder and SuZ Miller will discuss 5 key questions that government organizations contemplating embarking on adopting automated test techniques and tools in an Agile environment are likely to have.

Watch Ipek Ozkaya in this Cyber Minute, as she recommends developers adopt a simple practice of reporting technical debt, including its potential accumulating side effects, as they discover or accrue that debt.

This short report provides a summary of the various analyses of the blacklist ecosystem performed to date. It also appends the latest additional data to those analyses; the added data in this report covers the time period from January through June 2017.

This guide provides an introduction to the key concepts, principles, and roles necessary to establish a successful Coordinated Vulnerability Disclosure process. It also provides insights into how CVD can go awry and how to respond when it does so.

Watch Bob Schiela as he decribes how SEI Secure Coding Standards have codified best practices for properly using features of specific languages to avoid security flaws in your software, thus reducing vulnerabilities.

In this podcast, Will Hayes and Eileen Wrubel present five perspectives on scaling Agile from leading thinkers in the field, including Scott Ambler, Steve Messenger, Craig Larman, Jeff Sutherland, and Dean Leffingwell.

The Federal Virtual Training Environment (FedVTE) is an online, on‐demand training system containing cybersecurity and certification prep courses, at no cost to federal, state, and local government employees.

This report provides a summary of various analyses of the blacklist ecosystem performed to date. It also appends the latest additional data to those analyses; the added data in this report covers the time period from July 1 through December 31, 2016.

In this podcast, Grace Lewis presents a solution for establishing trusted identities in disconnected environments based on secure key generation and exchange in the field, as well as an evaluation and implementation of the solution.

The commercial software industry is rapidly growing and creating disruptive technologies. How do we leverage the explosive growth in software capabilities for the military? What are the unique software challenges for the military?

The SEI has worked with several government programs that are adopting Agile and Lean engineering approaches. In this presentation, we provide insights into two distinct patterns of adoption that we have seen in our work.

By deploying and scaling a blend of Agile and Lean concepts, a unique team model, and fostering a problem solving and learning culture, Nationwide IT has produced significant business outcomes and demonstrated increasing employee engagement.

This presentation introduces the architecture and features of tactical cloudlets and presents a solution for establishing trusted identities in disconnected environments based on the generation and exchange of secure keys in the field.

This presentation describes a set of measures created by the Consortium for IT Quality (CISQ) and explains how the measures can be used in productivity programs, quality assurance practices, and vendor contracts.

This presentation describes the parts of the software supply chain, how vulnerabilities have been introduced, and the actions developers can employ to avoid or mitigate the risks inherent in an assembly-based software development strategy.

This presentation describes the methodology used by the SEI to conduct a cost-benefit analysis of the proposed migration of all Army software-based systems to a common operating environment (COE) and common software infrastructure.

The SEI team working with Agile in government has built a rich narrative of Agile implementation experiences and now works with an extensive network of collaborators on fundamental research questions that dive deep into cause-and-effect mechanisms.

The authors of this presentation share their experiences developing and putting in place an IT roadmap for a large government organization, resulting in the implementation of an enterprise-wide shared data service.

For different reasons, usability is generally an afterthought in the cybersecurity tool development process. In this webinar, we teach the audience the value of defining the problem and how this impacts the software quality outcomes.

This report chronicles the technical accomplishments of the Software Engineering Institute and its impact on the Department of Defense software community, as well as on the broader software engineering community.

In this podcast Nancy Mead and Carol Woody discuss their new book, Cyber Security Engineering: A Practical Approach for Systems and Software Assurance, which introduces a set of seven principles for software assurance.

This short report provides a summary of the various analyses of the blacklist ecosystem performed to date. It also appends the latest additional data to those analyses; the added data in this report covers the time period from January 1, 2016 through June

In this podcast, Darrell Keeling, Vice President of Information Security and HIPAA Security Officer at Parkview Health, discusses the knowledge, skills, and abilities needed to become a CISO in today’s fast-paced cybersecurity field.

In this paper, the authors focus on proving the correctness of the budget enforcement that guarantees that no task τi executes beyond its W1 i. They present their approach and some preliminary results.

This paper provides an end-to-end framework where DART systems can be designed, analyzed, and implemented within the same toolchain. In this talk, the authors present this toolchain and demonstrate it on a few representative examples.

With a growing number of robots performing autonomously without human intervention, it is difficult to understand what the robots experience along their routes during execution without looking at execution logs. Rather than looking through logs, our goal

In this paper, we propose the concept of coordination between CoBot and the Parrot ARDrone 2.0 to perform service-based object search tasks, in which CoBot localizes and navigates to the general search areas carrying the ARDrone and the ARDrone searches l

In this podcast, Edna Conway and John Haller discuss the global value chain for organizations and critical infrastructures and how this expanded view can be used to improve ICT supply chain management, including risks to the supply chain.

In this webinar, Randy Trzeciak, Technical Manager of the CERT Insider Threat Center, described the summary of new requirements mandated by NISPOM Change 2 and the impact it will have on DoD contracting organizations.

DMPL is a language for programming distributed real-time, mixed-criticality software. It supports distributed systems in which each node executes a set of periodic real-time threads that are scheduled by priority and criticality.

In this podcast, Douglas Gray, a member of the CERT Cyber Risk Management team, discusses how to operationalize intelligence products to build operational resilience of organizational assets and services using IPOR.

This report provides members of the Commercial Mobile Service Provider (CMSP) community with practical guidance for better managing cybersecurity risk exposure, based on an SEI study of the CMSP element of the Wireless Emergency Alert pipeline.

In this podcast, Harry Levinson discusses the SEI’s work with the Air Force to further evolve the AF DCGS system using Agile techniques working in incremental, iterative approaches to deliver more frequent, more manageable deliveries of capability.

This report describes how to use the goal-question-indicator-metric method in tandem with the military METT-TC method (mission, enemy, time, terrain, troops available, and civil-military considerations).

In this report, the author will provide an overview of the architecture goals, quality attributes, final design, and some lessons learned along the way in creating the virtual data repository and data visualization platform.

This report presents an approach to analyzing approximately 16 gigabytes of full packet capture data collected from an industrial control system honeynet—a network of seemingly vulnerable machines designed to lure attackers.

As they constantly change network infrastructure, adversaries consistently use and update their tools. This report presents a way for researchers to begin threat analysis with those tools rather than with network or incident data alone.

Don Firesmith discusses how acquisition professionals and system integrators can apply OSA practices to effectively decompose large, monolithic business and technical architectures into manageable and modular solutions.

This webinar described a CISO organizational structure and functions for a typical large, diverse organization using input from CISOs, policies, frameworks, maturity models, standards, and codes of practice.

In this presentation, Tim Palko and Chris Taschner explore some of the security-related topics and expectations that can be addressed when planning and changing your process to accommodate DevOps practices.

Watch Donald Firesmith discuss a taxonomy of testing types, thereby clarifying the grand scope of testing and enabling the attendee to better select the appropriate types of testing to for their specific needs.

In this podcast, Nader Mehravari and Julia Allen, members of the CERT Cyber Risk Management team, discuss an effective approach for defining a CISO team structure and functions for large, diverse organizations.

This report demonstrates the viability and limitations of using the Architecture Analysis and Design Language (AADL) through an extended example that allows for specifying and analyzing the security properties of an automotive electronics system.

The author describes Intelligence Preparation for Operational Resilience (IPOR), a framework for preparing intelligence that complements commonly used intelligence frameworks such as Intelligence Preparation of the Battlefield (IPB).

This study was designed to profile cyber actors, and to examine the time interval between cyber and kinetic events in order to gain greater insights into nation-state cyber responses to kinetic events.

This presentation describes a rational way for modernizing a legacy system using system architectural concepts to develop architectural options, create a scorecard, apply the scorecard, and present the results with recommendations to decision makers.

In this presentation, the authors describe how they helped shift a government stakeholder's thinking through coaching and initiating DevOps in the organization's operational and development environments.

This presentation shows the creation of a single point of reference consisting of a curated set of DoD and local documents, templates, and checklists to aid the COR and promote information sharing and collaboration.

This presentation focuses on how the government can experience true agility with quality. It describes the challenges the author's organization faced using agile and how they were successfully overcome.

The SEI has applied its Mission Thread Workshop (MTW) approach on a variety of system of systems (SoS) architectures in DoD organizations. This talk presents the MTW in the context of a DoD mission-critical SoS example.

This presentation discusses a taxonomy of 167 testing anti-patterns that the author analyzed and fully documented, describing each pitfall and providing recommendations for avoiding them and mitigating their harm.

This presentation discusses problems associated with the increasing complexity of software systems that are threatening industry's ability to build the next generation of safety-critical embedded systems.

This case study tells the story of the development of a critical IT system in the U.S. federal government and is written so that other government entities can benefit from the implementation experiences.

This presentation describes how the interagency Joint Fire Science Program developed and assessed the Interagency Fuel Treatment Decision Support System to meet the needs of the wildland fire community for fuel-treatment planning.

This presentation explores the architecture and implementation of Edge Analytics, discusses field trials, and presents findings from analyzing Twitter data related to the 2012 attack on the U.S. Diplomatic Mission in Benghazi.

In this podcast, Chip Block, Vice President at Evolver, discusses the growth of the cyber insurance industry and how it is beginning to drive the way that organizations manage risk and invest in technologies.

In this podcast, Dr. Neil Ernst discusses the findings of a recent field study to assess the state of the practice and current thinking regarding technical debt and guide the development of a technical debt timeline.

In this podcast, Sean Sweeney, Information Security Officer (ISO) for the University of Pittsburgh (PITT), discusses their use of the NIST (National Institute of Standards and Technology) CSF (Cybersecurity Framework).

In this podcast, Nancy Mead discusses how, with support from Department of Homeland Security, SEI researchers developed software assurance curricula and programs for graduate, undergraduate, and community colleges.

This technical report focuses on cybersecurity at the indirect, strategic level. It discusses how cybersecurity decision makers at the tactical or implementation level can establish a supportive contextual environment to help enable their success.

In this podcast, Scott McMillan and Eric Werner of the SEI's Emerging Technology Center discuss work to create a software library for graph analytics that would take advantage of more powerful heterogeneous supercomputers.

In this podcast, Dr. Richard Young, a professor with CMU, and Sam Perl, a member of the CERT Division, discuss their research on how expert cybersecurity incident handlers react when faced with an incident.

In this talk, we will trace the origin and evolution of a physical-world vulnerability that dates to the late 19th century, and explore whether "building security in" is even always an available option.

The case study shows that by combining an analytical approach with confidence maps, we can present a structured argument that system requirements have been met and problems in the design have been addressed adequately.

In this paper, the characteristics of a potential cybersecurity video game are presented. Several current cybersecurity games were reviewed and key attributes and shortcomings of these games were identified.

In this podcast, Sarah Sheard discusses research to investigate the nature of complexity, how it manifests in software-reliant systems such as avionics, how to measure it, and how to tell when too much complexity might lead to safety problems.

In this podcast, CERT researcher Christopher Alberts introduces the SERA Framework, a systematic approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle.

In this podcast, Will Hayes and Julie Cohen discuss a generalized technique that could be used with any type of system to assist the program office in addressing and resolving the conflicting views and creating a better value system for defining releases.

This session shows how use cases, activity diagrams, and overview function block diagrams can be defined early and act as input to a preliminary hazard analysis, which in turn provides valuable input to early decisions about partitioning and redundancy.

Mary Shaw discusses the evolution of software engineering, drawing on civil engineering and software architecture for examples that show the progressive codification of informal knowledge toward rigorous models and tools.

In 2012, SEI researchers began investigating vulnerabilities reported to the SEI's CERT Division. A research project was launched to investigate design-related vulnerabilities and quantify their effects.

In this podcast, Matt Butkovic and John Haller discuss approaches for more effectively managing supply chain risks, focusing on risks arising from “external entities that provide, sustain, or operate Information and Communications Technology (ICT)."

Governing operational resilience requires the appropriate level of sponsorship, a commitment to strategic planning that includes resilience objectives, and proper oversight of operational resilience activities.

The case study shows that by combining an analytical approach with confidence maps, we can present a structured argument that system requirements have been met and problems in the design have been addressed adequately.

In this podcast, the tenth in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense, the two researchers discuss the application of the eleventh principle:

This podcast summarizes the inaugural Measuring What Matters Workshop conducted in November 2014, and the team's experiences planning and executing the workshop and identifying improvements for future offerings.

Sound cyber intelligence practices can help organizations prevent or mitigate major security breaches. For several years, researchers at the SEI have been examining methodologies, processes, technology, and training to help organizations.

In this podcast, part of an ongoing series, Mary Ann Lapham and Suzanne Miller discuss the application of the tenth Agile principle: Simplicity—the art of maximizing the amount of work done done—is essential.

This report describes the inaugural Measuring What Matters Workshop conducted in November 2014, and the team's experiences in planning and executing the workshop and identifying improvements for future offerings.

This paper describes a dynamic sustainment model that shows how budgeting, allocation of resources, mission performance, and strategic planning are interrelated and how they affect each other over time.

In this webinar, John Haller and Matthew Butkovic of the CERT Division of the Software Engineering Institute will discuss real-world incidents, including recent industrial control system attacks and incidents affecting Department of Defense capabilities.

In this paper we discuss scalable detection methods for domain names parking on reserved IP address space, and then using this data set, evaluate whether this behavior appears to be indicative of malicious behavior.

In this podcast, Grace Lewis discusses five approaches that her team developed and tested for using tactical cloudlets as a strategy for providing infrastructure to support computation offload and data staging at the tactical edge.

This webinar introduces the Architecture Analysis and Design Language (AADL), the architecture modeling language used to specify safety-critical systems. We show its use in the Open Source AADL Tool Environment (OSATE).

This paper examines using Agile techniques in the software sustainment arena—specifically Air Force programs. The intended audience is the staff of DoD programs and related personnel who intend to use Agile methods during software sustainment.

This report is intended to help program managers understand categories of intellectual property, various intellectual property challenges, and approaches to assessing the license rights that the program needs for long-term execution and sustainment.

In this paper, we focus on how to mathematically formulate and reason about one critical aspect in fuzzing: how best to pick seed files to maximize the total number of bugs found during a fuzz campaign.

This report describes ways to incorporate the analysis of the potential impact of software failures--regardless of their cause--into development and acquisition practices through the use of software assurance.

In this podcast, Grace Lewis discusses research that explores the feasibility of using HTML5 for developing mobile applications, for "edge" environments where resources and connectivity are uncertain, such as in the battlefield.

This technical note describes the criteria for deploying a compiler-based memory safety checking tool and the performance that can be achieved with two such tools whose source code is freely available.

In this paper, the authors provide documented research to advance the understanding of the unintentional insider threat (UIT) that results from phishing and other social engineering cases, specifically those involving malicious software (malware).

This technical note presents an analysis of the feasibility of using HTML5 for developing mobile applications, for "edge" environments where resources and connectivity are uncertain, such as in battlefield or natural disaster situations.

In this podcast, Patrick Place describes research aimed at determining how acquisition quality attributes can be expressed and used to facilitate alignment among the software architecture and acquisition strategy.

An evaluation of the effectiveness of Software Quality Requirements Engineering for Acquisition (A-SQUARE) in a project to select a COTS product for the advanced metering infrastructure of a smart grid.

In 2012, Software Engineering Institute (SEI) researchers began investigating vulnerabilities reported to the SEI's CERT Division. A research project was launched to investigate design-related vulnerabilities and quantify their effects.

Presentation at SATURN 2014. Managing technical debt while expanding the capabilities of an existing system; using MDE to reflect the combined architecture of legacy and new systems; experience, pitfalls, and results.

Presentation at SATURN 2014. This presentation presents a practical approach to implementing integrated enterprise architecture at a large organization. Specific tools, frameworks, and languages serve only as a context for this experience-based story.

Presentation at SATURN 2014. The results of our case studies indicate that a strategic, system-wide, architectural approach to security, implemented through the partial or full adoption of security frameworks, results in the best outcome.

Presentation at SATURN 2014. Presenters discuss how choices regarding service architecture affect service variability and the cost of supporting a service, as well as positive and negative impacts of architectural choices on service variability.

Presentation at SATURN 2014. This talk demonstrates how software-development organizations can utilize Archie to integrate architecture awareness into their developers' daily programming and testing activities.

Presentation at SATURN 2014. Provides an overview of experiences and lessons learned as Raytheon, technology leader and fourth largest defense contractor in the world, takes on the challenge of incorporating software architecture into the business model.

Presentation at SATURN 2014. Presenter discusses a framework that can assess how well an architecture organization understands its environment and determine if it is meeting the needs of the organization.

In this podcast, CERT researchers Robert Ellison and Carol Woody discuss research aimed at increasing alert originators' trust in the WEA service and the public's trust in the alerts that they receive.

This report analyzes insider threat mitigation in India and Germany, using the new framework for international cybersecurity analysis described in the paper titled “Best Practices Against Insider Threats in All Nations.”

In this report, the authors describe a cybersecurity risk management (CSRM) strategy that alert originators can use throughout WEA adoption, operations, and sustainment, as well as a set of governance activities for developing a plan to execute the CSRM.

In this podcast, Bill Nichols discusses a proposal for integrating the Verified Design by Contract method into PSP to reduce the number of defects present at the unit-esting phase, while preserving or improving productivity.

With the increasing number of projects and the expansion of our team, we needed to capture our internal process and expertise so that we could effectively communicate our approach to new team members, the larger organization and our customers.

This 2014 report presents recommendations for stakeholders of the Wireless Emergency Alerts (WEA) service that resulted from the development of two trust models, focusing on how to increase both alert originators' and the public's trust in WEA.

This report presents four types of simulations run on the public trust model and the alert originator trust model developed for the Wireless Emergency Alerts (WEA) service, focusing on how to increase both alert originators' and the public's trust in WEA.

This report describes a trust model to enable the Federal Emergency Management Agency to maximize the effectiveness of the Wireless Emergency Alerts (WEA) service and provides guidance for alert originators in using WEA to maximize public safety.

This report provides operational and development mission threads to help emergency alert originators analyze scenarios that will aid them in adopting and integrating the Commercial Mobile Alert Service (CMAS) into their emergency management systems.

This report presents the Commercial Mobile Alert Service (CMAS) Alerting Pipeline Taxonomy, a hierarchical classification that encompasses four elements of the alerting pipeline, to help stakeholders understand and reason about required CMAS operations.

This report describes the adoption of the Wireless Emergency Alerts (WEA) service by the New York City Office of Emergency Management. As the first alert originator to adopt WEA, its experiences provide lessons learned for other emergency managers.

This report presents four best practices for the Wireless Emergency Alerts (WEA) service, including implementing WEA in a local jurisdiction, training emergency staff in using WEA, cross-jurisdictional governance of WEA, and cybersecurity risk management.

This report identifies key challenges and offers recommendations for alert originators navigating the process of adopting and integrating the Wireless Emergency Alerts (WEA) service into their emergency management systems.

This technical note describes the second phase of a study that focuses on the relationships between software architecture and acquisition strategy -- more specifically, their alignment or misalignment.

In this article, we present lessons learned about the characteristics of an Agile architecture that enabled an organization to develop its architecture in an Agile manner and continue to rapidly deliver features when more stringent quality attribute requi

This special report contains proceedings of the 2013 TSP Symposium. The conference theme was “When Software Really Matters,” which explored the idea that when product quality is critical, high-quality practices are the best way to achieve it.

In this podcast, Tim Chick and Gene Miluk discuss methodology and outputs of the Checkpoint Diagnostic, a tool that provides organizations with actionable performance related information and analysis closely linked to business value.

In this episode, Ian Gorton and John Klein discuss big data and the challenges it presents for software engineers. With help from fellow SEI researchers, the two have developed a lightweight risk reduction approach to help software engineers manage the ch

This white paper provides a description of a generalized technique that could be used with any type of system to assist the program office in addressing and resolving conflicting views and creating a better value system for defining releases.

In this podcast Soumya Simanta describes research aimed at creating a software prototype that allows warfighters and first responders to rapidly integrate or mash geo-tagged situational awareness data from multiple remote data sources.

In this episode, the fourth in a series about the application of agile principles in the DOD, Suzanne Miller and Mary Ann Lapham discuss the application of the fourth principle, "Business people and developers must work together daily."

In this episode, Eric Werner discusses research that he and several of his colleagues are conducting to help software developers create systems for the many-core central processing units in massively parallel computing environments.

This report introduces the Mission Thread Workshop, a method for understanding architectural and engineering considerations for developing and sustaining systems of systems. It describes the three phases of the workshop and explains the steps of each.

This report helps readers understand Agile. The report assembles terms and concepts from both the traditional world of waterfall-based development and the Agile environment to show the many similarities and differences.

This webinar will introduce the methodology and outputs of SEI's latest investigative approach: the Checkpoint Diagnostic (CPD). The CPD is the foundational technology in a well-designed "Performance Improvement Program."

Don Firesmith discusses problems that occur during testing as well as a framework that lists potential symptoms by which each can be recognized, potential negative consequences, and potential causes, and makes recommendations for preventing them.

In this episode, SEI researcher Bill Novak discusses joint programs and social dilemmas, which have become increasingly common in defense acquisition, and the ways in joint program outcomes can be affected by their underlying structure.

System-of-systems (SoS) architectures based on common software platforms have been commercially successful, but progress on creating and adopting them has been slow. This study aimed to understand technical issues for their development and adoption.

In 2006, Ultra-Large-Scale Systems: The Software Challenge of the Future documented the results of a study on ultra-large distributed systems. What has happened since the study was published? This talk shares a perspective on the post-study reality.

Rob Wojcik describes the Quality Attribute Workshop, a scenario-based approach for eliciting requirements for quality attributes (non-functional system qualities such as performance, availability, and security).

The second part will focus on SOA infrastructure-design considerations, decomposition of an enterprise service bus (ESB) into patterns and tactics as an example of SOA infrastructure, and principles of service design.

Joe Elm discusses the results of a recent technical report, which establishes clear links between the application of systems engineering (SE) best practices to projects and programs and the performance of those projects and programs.

This paper describes a proposal for integrating Verified Design by Contract into PSP in order to reduce the amount of defects present at the Unit Testing phase, while preserving or improving productivity.

This presentation describes the Mission Thread Workshop (MTW) and its benefits. The three phases for conducting an MTW are explained, as well as how the MTW fits into system-of-systems architecture development and analysis.

This article focuses on two agile architecting methods that provide rapid feedback on the state of agile team support: architecture-centric risk factors for adoption of agile development at scale and incremental architecture evaluations.

This white paper presents an improvement strategy comprising four pillars of an integrate-then-build practice that lead to improved quality through early defect discovery and incremental end-to-end validation and verification.

In this episode, Suzanne Miller and Mary Ann Lapham discuss the application of the first Agile principle, "Our highest priority is to satisfy the customer through early and continuous delivery of valuable software."